[Cryptography] [FORGED] Re: How programming language design can help us write secure crypto code
Ray Dillinger
bear at sonic.net
Sun Nov 1 22:18:25 EST 2015
On 11/01/2015 04:09 PM, Peter Gutmann wrote:
> Repeating, for the third time now, the same thing, 100% of the people I've
> talked to about this (same qualifier as the other times, small sample size)
> interpreted the docs to mean that the compiler does more or less the opposite
> of what it actually does.
So about that 100% - I don't count? I answered first without even
reading the doc, and then reading the doc absolutely confirmed it.
"will do optimizations based on the knowledge" of any declaration
or pragma that a programmer can add to a program ALWAYS allows
"whether or not the compiler can prove that the programmer is
right." If it were otherwise, it wouldn't even SAY anything
about optimizations because it is *already* allowed to do any
optimization whatsoever with anything it can actually prove.
You were making a promise to the compiler about your program.
You thought you were asking the compiler to make a promise to
you about how it checked your program. But the words "will
do optimizations based on" are about as direct a statement as
it is possible to get that the compiler is making NO promise
to check what you told it.
In the case of gcc, it appears to be making no *effort* to check,
which is different and less useful - but fully consistent with
everything else about gcc.
The only thing even *slightly* misleading about the doc was
mentioning that if it HAPPENED to prove that you were wrong, it
would warn you about it. That sentence should probably be struck.
Bear
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151101/f305d221/attachment.sig>
More information about the cryptography
mailing list